# Google dorks

## Personal dork generator

{% embed url="<https://dorks.s1rn3tz.ovh/googledorks>" %}

## Google, Bing, Yahoo dorks

These are the advanced search methods of search engines: by using certain features of the search engines we use, we can sometimes find sensitive content exposed on the internet.

Example Google dorks:

<pre class="language-bash"><code class="lang-bash">site:*target.com
site:*.*.target.com
site:*.*.*.target.com 
site:*target.com filetype:pdf
site:target.* inurl:/admin
site:target.com intext:"index of /"
site:*target.com inurl:"/content/dam"
site:*target.com intitle:"index of" "docker-compose.yml"
site:*target.com intitle:"index of"|"access_token.json"
site:*target.com intitle:"index of" "config.json"
site:*target.com intitle:"index of" "service-Account-Credentials.json" | "creds.json"
site:*target.com intitle:"index of" "db.json"
site:*target.com intitle:"index of" "credentials.json"
site:*target.com intitle:"index of" "awsconfig.json"
site:*target.com filetype:csv admin
site:codepad.co "company"
site:scribd.com "company"
site:npmjs.com "company"
site:npm.runkit.com "company"
site:libraries.co "company"
site:ycombinator.com "company"
site:coggle.it "company"
site:papaly.com "company"
site:google.com "company"
site:trello.com "company"
site:prezi.com "company"
site:jsdelivr.net "company"
site:codepen.io "company"
site:codeshare.io "company"
site:sharecode.io "company"
site:pastebin.com "company"
site:repl.it "company"
site:gitter.im "company"
site:bitbucket.org "company"
site:zoom.us "company"
site:atlassian.com "company"
site:s3.amazonaws.com inurl:"company"
site:storage.googleapis.com "http://target.com"
inurl:gitlab "company"
intext:"index of" /etc/passwd
intext:"index of" /etc/shadow
"index.of" id_rsa inurl:target
"index.of" private.key inurl:target
"© target 20XX"
"© 20XX target"
inurl:ftp inurl:(http|https) "target" filetype:pdf
...
</code></pre>

### AWS S3 buckets

```
inurl:s3.amazonaws.com/legacy/
inurl:s3.amazonaws.com/uploads/
inurl:s3.amazonaws.com/backup/
inurl:s3.amazonaws.com/mp3/
inurl:s3.amazonaws.com/movie/
inurl:s3.amazonaws.com/video/
...
```

## Other cloud storage

```
site:http://blob.core.windows.net "target.com"
site:http://googleapis.com "target.com"
site:http://drive.google.com "target.com"
site:dropbox.com/s "target.com"
site:box.com/s "target.com"
site:docs.google.com inurl:"/d/" "target.com"
```

## API documentation

```
inurl:/swagger-ui.html -github -gitlab -reddit -stackoverflow -medium
inurl:/api/swagger -github -gitlab -reddit -stackoverflow -medium
inurl:/api/v1/docs | inurl:/api/v2/docs | inurl:/api/v3/docs
inurl:/api/apidocs
```

## CMS

<pre><code>#Drupal
intext:"Powered by Drupal" inurl:"/node/1" -drupal.com -drupal.org -github
inurl:"sites/all/modules/ckeditor" -drupalcode.org

#WordPress
intext:"Index" inurl:"wp-" -wordpress.org -stackexchange -github
inurl:"/wp-json/wp/v2/users/" "id":1,"name":" -wordpress.stackexchange.com -stackoverflow.com
inurl:"/wp-content/uploads"
inurl:"wp-register.php" -wordpress.com -wordpress.org -github
intitle:"index of" "wp-config.php.bak"

#Joomla
inurl:"/libraries/joomla/database/"
</code></pre>

## Frameworks

```
#Symfony
intitle:"index of" "symfony/config"
inurl:"_fragment" | inurl:"_profiler"
inurl:"_profiler/phpinfo"
inurl:"_profiler/open"

#Ruby on Rails
inurl:"index.rb"
inurl:"/config/database.yml"
inurl:"/config/initializers/secret_token.rb"
inurl:"/db/seeds.rb"
inurl:"/db/development.sqlite3"
```

### Exposed Git

```
"index of" inurl:.git
intitle:"index of" .git/hooks/
filetype:git
```
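
From the defender's side, the path patterns behind the secret-file, API documentation, CMS, framework and Git dorks above can be checked against an inventory of your own URLs (sitemap, crawler export) before a search engine indexes them. This is an added example, not part of the original page; the names `EXPOSURE_PATTERNS`, `classify` and `audit` and the `example.com` sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Path patterns derived from the dorks on this page (secrets, API docs, CMS, frameworks, Git).
EXPOSURE_PATTERNS = {
    "git-metadata": re.compile(r"/\.git(/|$)"),
    "symfony-profiler": re.compile(r"/_(profiler|fragment)(/|$)"),
    "rails-config": re.compile(r"/config/(database\.yml|initializers/secret_token\.rb)$"),
    "rails-db": re.compile(r"/db/(seeds\.rb|development\.sqlite3)$"),
    "wp-config-backup": re.compile(r"/wp-config\.php\.bak$"),
    "wp-user-api": re.compile(r"/wp-json/wp/v2/users(/|$)"),
    "api-docs": re.compile(r"/(swagger-ui\.html|api/swagger|api/apidocs|api/v[1-3]/docs)(/|$)"),
    "secret-json": re.compile(r"/(access_token|service-account-credentials|credentials|creds|awsconfig|db|config)\.json$"),
    "compose-file": re.compile(r"/docker-compose\.yml$"),
}

def classify(url):
    """Return the sorted exposure labels whose pattern matches the URL path."""
    path = unquote(urlsplit(url).path).lower()
    return sorted(label for label, rx in EXPOSURE_PATTERNS.items() if rx.search(path))

def audit(urls, own_domain):
    """Map each in-scope URL (own_domain or one of its subdomains) to its labels."""
    findings = {}
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if host != own_domain and not host.endswith("." + own_domain):
            continue  # out of scope: not one of our hosts
        labels = classify(url)
        if labels:
            findings[url] = labels
    return findings

# Constructed sample inventory (as from a sitemap or crawler export); not real hosts.
SAMPLE_URLS = [
    "https://dev.example.com/.git/hooks/",
    "https://app.example.com/_profiler/phpinfo",
    "https://shop.example.com/wp-config.php.bak",
    "https://api.example.com/api/v2/docs",
    "https://files.example.com/backup/service/creds.json",
    "https://notexample.com/.git/config",
    "https://old.example.com/config/database.yml?x=1",
    "https://www.example.com/blog/git-tips",
]

if __name__ == "__main__":
    for url, labels in audit(SAMPLE_URLS, "example.com").items():
        print(f"{', '.join(labels):20} {url}")
```

Matches are candidates to review: confirm whether each URL is actually reachable without authentication, then remove the file or restrict access at the web server.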

## Cache

View the cached version of a website:

```
cache:exemple.com/blabla
```

## Monitoring

It is also possible to receive alerts for each new result of a given search with Google.

Resource: <https://www.google.com/alerts>

### oxdork

oxdork is a very simple and lightweight Google dorking tool written in Python.

Usage example:

*`$ ./oxdork -q site:*.target.com -c 30`*

Resource: <https://github.com/rly0nheart/oxdork.git>

### Katana

Katana is another tool for retrieving the results of a Google dork.

Usage example:

*`$ python3 kds.py -g`*

Resource: <https://github.com/TebbaaX/Katana>

Resources:

* <https://www.exploit-db.com/google-hacking-database>
* <https://gist.github.com/sundowndev/283efaddbcf896ab405488330d1bbc06>
